Forum Discussion
Hille_de_Graaf_
Nimbostratus
Oct 24, 2007
bypass a CRL with an invalid date
Hi,
We are using client certificates and a CRL (Certificate Revocation List) to check whether the client certificate is revoked.
Every night we are loading a new CRL from our provider ...
Arley_6164
Nimbostratus
May 26, 2009
Posted By capmblade on 11/09/2007 10:43 AM
Hello Hille,
I tested your rule with an expired CRL and for me anyway, it DOES allow the traffic through. I see the following three messages:
"Found CRL is expired -- revoking all certificates until current CRL is available."
Rule crltest : ClientSSL_Client handshake status: CRL has expired
Rule crltest : CRL date is not valid, but you may continue
I also tested your rule with a revoked certificate and it redirects to "certerror.htm"
Do you not see the "you may continue" message when you run your rule?
